"Internal Only" Senior Network Security Engineer

Grade 22:  Salary starts at $89,669.00 annually.  Rate of pay depends on qualifications.

JOB SUMMARY

Responsibilities include design and review of security controls, configuration and monitoring of internal/external access controls and security safeguards to protect the confidentiality, integrity, and availability of information systems assets. This role will be the subject matter expert in the domain of network security as it relates to servers/workstations, networks, web applications, IT processes and regulatory compliance.  Evaluates, selects, implements, and manages information system security tools or network security hardware across enterprise. Serves as a technical lead for staff of one or more network security engineers.

• Works with Enterprise Architects to research, design, and advocate new technologies, architectures, and security products that will support business security requirements for the enterprise.
• Work with Cybersecurity to remediate vulnerabilities and security incidents.
• Works with Enterprise Architects in the identification, analysis, evaluation, deployment, and optimization of security technologies.
• Maintains oversight of the design, implementation and testing of IT systems to ensure appropriate and effective security controls are built from the start.
• Works closely with other groups, including System Administrators, Information Security, Applications, SCADA/I&C and other information system staff to ensure adequate security solutions are in place for all IT systems and platforms to sufficiently mitigate identified risks and meet business objectives.
• Leads projects and initiatives to design and verify implementation of various information security controls.
• Supports information security leadership team in strategic planning and development.
• Provides security design, consultancy, and assessment services; and introduces improvements in technical security standards and security implementation patterns and designs.
• Provides recommendations of industry best practices, trends, and technology products.
• Detects, investigates and manages recovery efforts from security incidents, and assists with incident response plans.
• Designs technical solutions and coordinates with the staff to ensure timely and accurate implementation.
• Performs other duties as assigned.

• This position works under limited supervision.  
• This position serves as a technical lead, providing guidance and mentorship to assigned staff.

• Bachelor's Degree in Information Technology, Computer Science or related field of study required.
• Six years of relevant IT work experience, to include five years in network security field. 
• At least one 1 of the following professional information/network security certifications required: 

• Cisco Certified Network Professional (CCNP) in Security
• Certified Information Systems Security Professional (CISSP)
• Palo Alto Networks Certified Network Security Engineer (PCNSE)

• Valid Class "C" Texas Driver's License.

PREFERRED QUALIFICATIONS 

• Master's Degree in IT, Computer Science or related field of study from an accredited college or university
• Certified Information Systems Security Professional (CISSP)
• Cisco Certified Internetwork Professional (CCIE) in Security
• Knowledge of SCADA/ICS security controls and best practices.
• Knowledge of Linux/Unix and other open-source software to include BIND and Nessus.
• Programming skills in one or more languages (Python, Ruby, Bash, PHP, Perl, Java).
• Experience with Cisco and Palo Alto enterprise grade products to include Firewalls, Cloud Web Proxy, TACACS+, RADIUS, DMVPN, WAF, etc.

• Knowledge of network security, security-related systems and applications as well as security protocols and related tools, including tcpdump, Wireshark, and Splunk.
• Skilled in scanning for vulnerabilities and identifying issues with web-applications and applications programmable interfaces (API).  
• Demonstrated ability to identify security requirements and validate implementation of applicable controls into a robust architecture that sufficiently repels most malicious attacks.
• Regular contact with internal and external customers and contractor representatives involved with   LAN/WAN design, network implementation, and network management.

Working conditions are primarily inside an office environment with travel to various locations on an occasional basis. Physical requirements include occasional lifting/carrying of 50 pounds; visual acuity, speech and hearing; hand and eye coordination and manual dexterity necessary to operate a computer keyboard and basic office equipment. Subject to sitting, standing, reaching, walking, twisting, and kneeling to perform the essential functions. 

May be required to work hours other than regular schedule such as nights, weekends, and holidays.